mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 17:56:26 +00:00
geek-cookbook/manuscript/recipes/sso-stack.md
2018-11-22 22:22:17 +13:00


hero: SSO for all your stack elements 🎁
# SSO Stack
Most of the recipes in the cookbook are stand-alone - you can deploy and use them in isolation. I was approached recently by an anonymous sponsor, who needed a stack which would allow the combination of several collaborative tools, in a manner which permits "single sign-on (SSO)". I.e., the goal of the design was that a user would be provisioned _once_, and thereafter have transparent access to multiple separate applications.
The SSO Stack "uber-recipe" is the result of this design.
![SSO Stack Screenshot](../images/sso-stack.png)
This recipe presents a method to combine multiple tools into a single swarm deployment, and make them available securely.
## Menu
Tools included in the SSO stack are:
* **[OpenLDAP](https://www.openldap.org/)** : Provides Authentication backend
* **[LDAP Account Manager](https://www.ldap-account-manager.org)** (LAM) : A web UI to manage LDAP accounts
* **[KeyCloak](https://www.keycloak.org/)** : An open source identity and access management solution, providing SSO and 2FA capabilities backed by authentication providers (like OpenLDAP)
* **[docker-mailserver](https://github.com/tomav/docker-mailserver)** : A full-stack, simple mail platform including SMTP, IMAPS, and spam filtering components
* **[RainLoop](https://www.rainloop.net/)** : A fast, modern webmail client
* **[GitLab](https://gitlab.org)** : A powerful collaborative git-based development platform
* **[NextCloud](https://www.nextcloud.org)** : A file share and communication platform
This is a complex recipe, and should be deployed in a sequential manner (_i.e. you need OpenLDAP with LDAP Account Manager, to enable KeyCloak, in order to get SSO available for NextCloud, etc._).
## Ingredients
1. [Docker swarm cluster](/ha-docker-swarm/design/) with [persistent shared storage](/ha-docker-swarm/shared-storage-ceph.md)
2. [Traefik](/ha-docker-swarm/traefik) configured per design
3. Access to NZB indexers and Usenet servers
4. DNS entries configured for each of the NZB tools in this recipe that you want to use
## Preparation
Now work your way through the list of tools below, adding whichever tools you want to use, and finishing with the **end** section:
* [OpenLDAP](/recipes/sso-stack/openldap.md)
### Tip your waiter (donate) 👏
Did you receive excellent service? Want to make your waiter happy? (_..and support development of current and future recipes!_) See the [support](/support/) page for (_free or paid)_ ways to say thank you! 👏